Dark Web News Analysis: Ezecom Database on Sale
A comprehensive database, reportedly from Ezecom, a leading internet service provider (ISP) in Cambodia, is being sold on a hacker forum for the extremely low price of $50 USD.
The data, provided in SQL format, allegedly includes a wide range of highly sensitive information that represents a complete compromise of business and customer data. The leak reportedly contains:
- User and employee account details, including credentials with MD5 hashed passwords.
- Detailed financial transaction and sales records, including customer data.
- Product, pricing, and inventory information.
- System access logs.
Key Cybersecurity Insights
The breach of a major national ISP, combined with egregious security failures like the use of MD5, constitutes a critical threat. The key implications include:
- The Extreme and Unacceptable Risk of MD5 Hashing: This is a catastrophic security failure. MD5 is obsolete for password storage, and passwords hashed with it can be cracked in seconds. For all practical purposes, these employee and administrator passwords must be considered exposed in plaintext, potentially giving attackers the keys to Ezecom’s core internal systems.
- A Direct Threat to Critical National Infrastructure: As a major ISP, Ezecom is a component of Cambodia’s critical national infrastructure. A compromise of its systems, customer data, and employee credentials poses a significant national security risk. Attackers could potentially disrupt internet services, monitor user traffic, or use the compromised infrastructure to launch further attacks against other Cambodian entities.
- The Low Price Suggests Malicious, Widespread Distribution: The trivial price of $50 for a national ISP’s database is a major red flag. It indicates the seller’s primary motive is likely not profit, but to ensure the data is distributed as widely and as quickly as possible to cause maximum damage and chaos for the company and its customers.
- A Goldmine for Corporate Espionage and Financial Fraud: The leak of financial transactions, sales records, and product/inventory details provides an unprecedented, real-time view into the company’s operations. Competitors could use this for corporate espionage, while criminals will use the customer and financial data to commit large-scale fraud and targeted phishing attacks.
Critical Mitigation Strategies
This situation requires an immediate, national-level incident response from Ezecom and heightened vigilance from its customers.
- For Ezecom: Assume Complete Compromise and Invalidate All Credentials: Ezecom must operate under the assumption that its systems are compromised and all employee passwords are known. A mandatory, company-wide password reset is the absolute top priority. Ezecom must also immediately upgrade its password storage to a modern, salted password-hashing algorithm (e.g., bcrypt or Argon2).
- For Ezecom: Launch a National-Level Incident Response: Given its role as critical infrastructure, Ezecom must activate its highest-level incident response plan and immediately coordinate with Cambodia’s national cybersecurity authorities (like CamCERT). The investigation must focus on how the database was exfiltrated and whether attackers still have a persistent foothold in their network.
- For Ezecom: Mandate MFA and Harden All Systems: To prevent future credential-based takeovers, Multi-Factor Authentication (MFA) must be mandated for all employee, administrative, and customer-facing systems. A full security audit is necessary to find and remediate the root cause of the breach and other potential vulnerabilities.
- For Ezecom’s Customers: Be on High Alert for Scams: All customers of Ezecom should be officially notified of the breach and warned of the high risk of sophisticated phishing scams. They should be extremely skeptical of any unsolicited calls, emails, or messages claiming to be from Ezecom support and asking for personal or payment information.
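The forced reset and storage upgrade recommended for Ezecom above, sketched as an added example (it is not code from Ezecom or from this analysis). It assumes legacy rows hold a bare hex MD5 digest, uses a constructed record format and sample accounts, and substitutes Python's standard-library scrypt for the bcrypt or Argon2 named above, which need third-party packages.

```python
import hashlib
import hmac
import os
import re

# Assumption: legacy rows hold a bare 32-char hex MD5 digest; new rows use
# the constructed format "scrypt$<n>$<r>$<p>$<salt hex>$<key hex>".
LEGACY_MD5 = re.compile(r"^[0-9a-f]{32}$")
N, R, P = 2**14, 8, 1  # scrypt cost parameters (about 16 MiB per hash)

def hash_password(password: str) -> str:
    """Create a salted, memory-hard record for a newly chosen password."""
    salt = os.urandom(16)  # fresh random salt per record
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)
    return f"scrypt${N}${R}${P}${salt.hex()}${key.hex()}"

def check_login(stored: str, password: str) -> str:
    """Return 'ok', 'denied' or 'reset_required' for one login attempt."""
    if LEGACY_MD5.match(stored):
        # The MD5 digest is in the leaked dump, so a matching password proves
        # nothing about who is typing it: never accept it, force a reset.
        return "reset_required"
    try:
        scheme, n, r, p, salt_hex, key_hex = stored.split("$")
        if scheme != "scrypt":
            return "denied"
        expected = bytes.fromhex(key_hex)
        key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                             n=int(n), r=int(r), p=int(p), dklen=32)
    except ValueError:
        return "denied"  # malformed record: fail closed
    return "ok" if hmac.compare_digest(key, expected) else "denied"

def complete_reset(users: dict, name: str, new_password: str) -> None:
    """After out-of-band identity proof, replace the record with scrypt."""
    old = users[name]
    if LEGACY_MD5.match(old) and \
            hashlib.md5(new_password.encode()).hexdigest() == old:
        raise ValueError("new password must differ from the exposed one")
    users[name] = hash_password(new_password)

# Constructed sample table: two accounts that share one weak password.
users = {"alice": hashlib.md5(b"Summer2024").hexdigest(),
         "bob": hashlib.md5(b"Summer2024").hexdigest()}
```

With bare MD5 the two sample rows are identical, so one cracked digest exposes both accounts; after `complete_reset` each row carries its own salt and the old digest is gone from the table.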